feat: introduce cryptographic documentation #11

Merged
merged 1 commit into from
Oct 17, 2024
8 changes: 8 additions & 0 deletions .custom_wordlist.txt
Expand Up @@ -3,3 +3,11 @@ Slurm
munge
LXD
yaml
JWT
RSA
mungectl
Gid
Uid
cryptographic
cryptographically
PyPI
16 changes: 16 additions & 0 deletions explanation/cryptography/index.md
@@ -0,0 +1,16 @@
(cryptography)=
# Cryptography

This section describes the cryptographic algorithms and secrets used by the Charmed HPC project.

- {ref}`munge`
- {ref}`jwt`

```{toctree}
:titlesonly:
:maxdepth: 1
:hidden:

MUNGE <munge>
JSON Web Tokens <jwt>
```
17 changes: 17 additions & 0 deletions explanation/cryptography/jwt.md
@@ -0,0 +1,17 @@
(jwt)=
# JSON Web Tokens (JWT)

Some Slurm charms support [JSON Web Tokens](https://jwt.io/) as an alternative authentication method for a Slurm cluster.

This service is used by the Slurm charms:

- [`slurmctld`](https://charmhub.io/slurmctld)
- [`slurmrestd`](https://charmhub.io/slurmrestd)

A shared private encryption key is required to verify the signature of client tokens. The current method uses RSA with a length of 2048 bits, which is generated using the [`cryptography`](https://pypi.org/project/cryptography/) package for Python.

The [Slurm documentation](https://slurm.schedmd.com/jwt.html) contains more information about the topic.

## Libraries used

- [`cryptography`](https://pypi.org/project/cryptography/), from PyPI.
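
Review bot: The key paragraph in jwt.md describes "a shared private encryption key" that is "required to verify the signature of client tokens", and that wording is misleading for an RSA key: signing is not encryption, and with RSA a verifier needs only the public key, so sharing the private key gives every holder the ability to sign tokens as well. Please state which JWT signing algorithm the charms configure, which of `slurmctld` and `slurmrestd` generates the key, and how it reaches the other charm. The lead-in "This service is used by the Slurm charms:" also reads as carried over from the MUNGE page; JWT is a token format here, not a service.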
20 changes: 20 additions & 0 deletions explanation/cryptography/munge.md
@@ -0,0 +1,20 @@
(munge)=
# MUNGE

[MUNGE (MUNGE Uid 'N' Gid Emporium)](https://dun.github.io/munge/) is an authentication service for creating and validating credentials.

This service is used by all our Slurm charms, including:

- [`slurmctld`](https://charmhub.io/slurmctld)
- [`slurmd`](https://charmhub.io/slurmd)
- [`slurmdbd`](https://charmhub.io/slurmdbd)
- [`slurmrestd`](https://charmhub.io/slurmrestd)

MUNGE requires sharing a cryptographically secure key between all the Slurm nodes in a cluster. To generate this key, the charms
use the [mungectl](https://github.com/charmed-hpc/mungectl) utility, which uses Go's [`crypto/rand`](https://pkg.go.dev/crypto/rand) library to generate a cryptographically secure key of 1024 bytes of length, using either [`getrandom(2)`](https://man7.org/linux/man-pages/man2/getrandom.2.html) if available, and [`/dev/urandom`](https://en.wikipedia.org/wiki//dev/random) otherwise.

You can find more information about MUNGE on its [official wiki](https://github.com/dun/munge/wiki).

## Packages used

- [`crypto/rand`](https://pkg.go.dev/crypto/rand), from the [Go standard library](https://pkg.go.dev/std).
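
Review bot: The key paragraph in munge.md says the key must be shared "between all the Slurm nodes in a cluster" but documents only how it is generated; a page in the cryptography section should also say how the charms distribute the key and where it is stored on each node. In the same sentence, the `/dev/urandom` link targets `https://en.wikipedia.org/wiki//dev/random`, which has a doubled slash and names `/dev/random` rather than the device shown in the label. The phrasing "using either ... if available, and ... otherwise" should drop "either", and "1024 bytes of length" can be "1024 bytes".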
10 changes: 10 additions & 0 deletions explanation/index.md
@@ -1,4 +1,14 @@
(explanation)=
# Explanation

- {ref}`cryptography`

🚧 Under construction 🚧

```{toctree}
:titlesonly:
:maxdepth: 1
:hidden:

cryptography/index
```